Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1602931 - (CVE-2018-10903) CVE-2018-10903 python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API
CVE-2018-10903 python-cryptography: GCM tag forgery via truncated tag in fina...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20180718,repor...
: Security
Depends On: 1605040 1605041 1605042 1602932 1607923
Blocks: 1602933
  Show dependency treegraph
 
Reported: 2018-07-18 16:15 EDT by Pedro Sampaio
Modified: 2018-09-28 10:28 EDT (History)
25 users (show)

See Also:
Fixed In Version: python-cryptography 2.3
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Github pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef None None None 2018-09-28 10:28 EDT

  None (edit)
Description Pedro Sampaio 2018-07-18 16:15:40 EDT 
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Upstream patch:

https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1602752
Comment 4 Joshua Padman 2018-07-20 00:07:29 EDT 
The following OpenStack releases ship the vulnerable library. However, OpenStack does not appear to use the GCM mode.
Red Hat OpenStack 13
Red Hat OpenStack 14
Comment 5 Joshua Padman 2018-07-20 00:11:14 EDT 
Created python-cryptography tracking bugs for this issue:

Affects: openstack-rdo [bug 1605041]
Comment 9 Alan Pevec 2018-07-25 10:41:55 EDT 
(In reply to Pedro Yóssis Silva Barbosa from comment #8)
> RHEL7.5 ships version 1.7.2-2. Thus it is affected.

How come, description says >=1.9.0 and <2.3 ?
Comment 10 Pedro Yóssis Silva Barbosa 2018-07-28 14:37:27 EDT 
Correction: RHEL7.5 ships version 1.7.2-2 and the finalize_with_tag method wasn't implemented in this version. Thus it is NOT affected. I am closing the rhel-7 tracker.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.